keycloak.uma_permissions

User-managed access permissions module.

Module Contents

Classes

UMAPermission

A class to conveniently assembly permissions.

Resource

An UMAPermission Resource class to conveniently assembly permissions.

Scope

An UMAPermission Scope class to conveniently assembly permissions.

AuthStatus

A class that represents the authorization/login status of a user associated with a token.

Functions

build_permission_param(permissions)

Transform permissions to a set, so they are usable for requests.

class keycloak.uma_permissions.UMAPermission(permission=None, resource='', scope='')[source]

A class to conveniently assembly permissions.

The class itself is callable, and will return the assembled permission.

Usage example:

>>> r = Resource("Users")
>>> s = Scope("delete")
>>> permission = r(s)
>>> print(permission)
    'Users#delete'
Parameters
  • permission (UMAPermission) – Permission

  • resource (str) – Resource

  • scope (str) – Scope

__str__(self)[source]

Str method.

__eq__(self, __o: object) bool[source]

Eq method.

__repr__(self) str[source]

Repr method.

__hash__(self) int[source]

Hash method.

__call__(self, permission=None, resource='', scope='') object[source]

Call method.

class keycloak.uma_permissions.Resource(resource)[source]

Bases: UMAPermission

An UMAPermission Resource class to conveniently assembly permissions.

The class itself is callable, and will return the assembled permission.

Parameters

resource (str) – Resource

class keycloak.uma_permissions.Scope(scope)[source]

Bases: UMAPermission

An UMAPermission Scope class to conveniently assembly permissions.

The class itself is callable, and will return the assembled permission.

Parameters

scope (str) – Scope

class keycloak.uma_permissions.AuthStatus(is_logged_in, is_authorized, missing_permissions)[source]

A class that represents the authorization/login status of a user associated with a token.

This has to evaluate to True if and only if the user is properly authorized for the requested resource.

Parameters
  • is_logged_in (bool) – Is logged in indicator

  • is_authorized (bool) – Is authorized indicator

  • missing_permissions (set) – Missing permissions

__bool__(self)[source]

Bool method.

__repr__(self)[source]

Repr method.

keycloak.uma_permissions.build_permission_param(permissions)[source]

Transform permissions to a set, so they are usable for requests.

Parameters

permissions – either str (resource#scope), iterable[str] (resource#scope), dict[str,str] (resource: scope), dict[str,iterable[str]] (resource: scopes)

Returns

result bool